WHAT ARE WE BUILDING?

Hard Rock Digital is a team focused on becoming the best online sportsbook, casino, and social gaming company in the world. We’re building a team that resonates passion for learning, operating, and building new products and technologies for millions of consumers. We care about each customer interaction, experience, behavior, and insight and strive to ensure we’re always acting authentically.
Rooted in the kindred spirits of Hard Rock and the Seminole Tribe of Florida, the new Hard Rock Digital taps a brand known the world over as the leader in gaming, entertainment, and hospitality. We’re taking that foundation of success and bringing it to the digital space — ready to join us?

WHAT’S THE POSITION?

We are seeking experienced Cybersecurity Risk Analysts to join our security team at a leading US online gaming platform. This role is critical in protecting our cloud-based gaming infrastructure, customer data, and financial systems while ensuring compliance with gaming regulations and industry standards. The analyst role involves conducting risk assessments, developing risk management and mitigation strategies, supporting audit activities, and ensuring compliance with security policies and compliance requirements.
This role is crucial for our organization to proactively manage technology risks and maintain a strong security posture in an evolving threat landscape. The ideal candidate combines strong technical knowledge with business acumen to effectively communicate and manage risks across all organizational levels.

Risk Assessment and Management

• Conduct comprehensive risk assessments of cloud infrastructure, gaming applications, CI/CD pipelines, DevOps processes, payment processing systems, and all other aspects of internal technology operations.
• Develop and maintain risk registers, threat models, vulnerability and threat management programs, and maintain risk treatment plans.
• Perform quantitative and qualitative risk analysis using industry-standard methodologies (ISO 27005).
• Evaluate third-party vendor security risks and assess supply chain vulnerabilities.

Risk Mitigation and Control Implementation

• Develop and recommend risk mitigation strategies and security controls
• Collaborate with technical teams to implement security measures and monitor their effectiveness
• Track remediation efforts and verify risk reduction activities
• Create and maintain risk metrics and key risk indicators (KRIs)

Compliance and Governance

• Ensure alignment with both internal, regulatory, and industry requirements (state-specific gaming and privacy regulations, ISO27001, PCI-DSS, financial audits, etc.)
• Support internal and external audits by providing risk documentation and evidence
• Maintain security policies, procedures, and risk management frameworks
• Assist in developing and updating the organization’s cybersecurity strategy

Reporting and Communication

• Prepare risk reports and dashboards for management and stakeholders
• Present risk findings and recommendations to technical and non-technical audiences
• Document risk assessment methodologies and maintain assessment artifacts
• Provide risk-based guidance for security strategy decisions

Incident Response and Business Continuity

• Participate in site reliability incident response activities, in particular post-incident reviews
• Similarly participate in security incidents for risk impact and lessons learned
• Support business continuity and disaster recovery planning
• Conduct tabletop exercises and risk scenario planning